It's possible with Cross-Origin Resource Sharing (CORS), specifically the Access-Control-Allow-Origin and related HTTP headers. That's how webperl.zero-g.net (GitHub Pages) is able to fetch and run WebPerl from webperlcdn.zero-g.net (Amazon CloudFront).

(Note that I'm currently providing webperlcdn.zero-g.net for "free", but if the Tragedy of the commons strikes and its usage gets too high, I may have to shut it off or find other solutions.)

Pardon my ignorance, but is it possible to host WebPerl on github?

> hat's how webperl.zero-g.net is able to fetch and run WebPerl from webperlcdn.zero-g.net.

Shouldn't that be the same top domain?

I'm confused, do all sites which fetch jquery or bootstrap from a cdn add CORS headers?

I'm on mobile at the moment and can't check...

Cheers Rolf
_{(addicted to the Perl Programming Language :)
Wikisyntax for the Monastery FootballPerl is like chess, only without the dice}

Pardon my ignorance, but is it possible to host WebPerl on github?

In theory, I could've uploaded the emperl.* build results onto GitHub, there is even the jsDelivr CDN that can be used for GitHub content. However, WebPerl isn't small - ~16MB uncompressed and 4MB compressed (if the server chooses to compress it). I also didn't know in advance how much it would get hit, and whether GitHub or that CDN might start enforcing some limits, and I didn't want to risk getting anything locked out because I am hosting large files that are being hit too often. Hence the separate domain and a CDN under my control.

Shouldn't that be the same top domain?

Not necessarily - that's why the CORS headers are needed.

I'm confused, do all sites which fetch jquery or bootstrap from a cdn add CORS headers?

code.jquery.com and maxcdn.bootstrapcdn.com both send the CORS header - but off the top of my head, I can't tell you whether it's required when also using Subresource Integrity (MDN seems to say that it is). I'm not an expert on this topic, this is just what I've figured out while getting WebPerl running :-)